Many companies are now using PIM (Privileged Identity Management) to control and increase security on Azure AD roles like Global Administrator. But this feature should also be used on Azure resources (Subscriptions, Management groups, Resource groups, and resources) to prevent unwanted access, misuse, and "accidents" from unwanted and wanted users.

This is a matter of cost, stability, and security. With the right mindset, focus, and tools it should be possible for most companies to get started with this quite quickly. But the process might meet both technical and “cultural” challenges.

This session focus on the discovery and implementation phase and scripts to ease the process will also be made available for the attendees.